This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Title: cookielib chokes on non-integer cookie version, should ignore it instead
Type: behavior Stage: patch review
Components: Library (Lib) Versions: Python 3.0, Python 3.1, Python 2.7, Python 2.6
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: DenNukem, andysk, georg.brandl, henriko, jjlee, loewis
Priority: normal Keywords: patch

Created on 2008-09-21 18:30 by DenNukem, last changed 2022-04-11 14:56 by admin. This issue is now closed.

File name Uploaded Description Edit
issue3924.patch jjlee, 2008-10-25 16:50
Messages (8)
msg73518 - (view) Author: Denis (DenNukem) Date: 2008-09-21 18:30

Some sites (e.g. sends cookies where
version is "1" instead of 1. Cookielib chokes on it so none of the
cookies work after that.

    def _cookie_from_cookie_tuple(self, tup, request):
        name, value, standard, rest = tup
        version = standard.get("version", None)
        if version is not None: version = int(version) << CRASH HERE!!!


use my own cookie jar, e.g.:

class MyCookieJar(CookieJar):
    def _cookie_from_cookie_tuple(self, tup, request):
        name, value, standard, rest = tup
        standard["version"]= None
        CookieJar._cookie_from_cookie_tuple(self, tup, request)

do not assume that version is int, keep it as string if it does not
parse as int:


UserWarning: cookielib bug!
Traceback (most recent call last):
line 1575, in make_cookies
    parse_ns_headers(ns_hdrs), request)
line 1532, in _cookies_from_attrs_set
    cookie = self._cookie_from_cookie_tuple(tup, request)
line 28, in _cookie_from_cookie_tuple
    CookieJar._cookie_from_cookie_tuple(self, tup, request)
line 1451, in _cookie_from_cookie_tuple
    if version is not None: version = int(version)
ValueError: invalid literal for int() with base 10: '"1"'

msg74825 - (view) Author: John J Lee (jjlee) Date: 2008-10-15 23:10
The sensible fix for this is to strip the quotes off, defaulting to
version 0 on failure to parse the version cookie-attribute.  It's not
necessary to retain the original version string.

By the way, what you posted warning rather than a strictly unhandled
exception or "crash" -- it's a bug, but won't cause the program to stop.
 And by "none of the cookies work after that", you mean that no cookies
in headers containing the quoted version cookie-attribute are accepted
by the cookiejar.

FWIW, this bug only affects RFC 2109 cookies, not RFC 2965 cookies.
msg75213 - (view) Author: John J Lee (jjlee) Date: 2008-10-25 16:50
Patch with tests attached.  The patch is slightly different to my first
suggestion: in the patch, invalid version values cause the cookie to be
ignored (but double quotes around valid versions are fine).
msg75214 - (view) Author: John J Lee (jjlee) Date: 2008-10-25 16:58
The bug is present on trunk and on the py3k branch, so I've selected
versions "Python 2.7" and "Python 3.0"

This is a straightforward bug, so I selected 2.5.3 and 2.6 also, to
indicate this is a candidate for backport.
msg77493 - (view) Author: Martin v. Löwis (loewis) * (Python committer) Date: 2008-12-10 08:29
As the patch hasn't been applied to the trunk yet, I'm rejecting it for
msg83013 - (view) Author: Henrik Olsson (henriko) Date: 2009-03-02 12:11
The cookiejar workaround in the first comment did not work for me. The
cookies didn't stick in it. I guess version needs to be set.. this
worked for me:

class ForgivingCookieJar(cookielib.CookieJar):
    def _cookie_from_cookie_tuple(self, tup, request):
        name, value, standard, rest = tup
        version = standard.get("version", None)
        if version is not None:
            # Some servers add " around the version number, this module
expects a pure int.
            standard["version"] = version.strip('"')
        return cookielib.CookieJar._cookie_from_cookie_tuple(self, tup,
msg85790 - (view) Author: Andy Sk (andysk) Date: 2009-04-09 03:12
Thank you Henrik.  The workaround in the first comment caused some
cookies to be handled incorrectly due to ignoring version on all
cookies, but your workaround is nice.  

It seems that the patch jjlee supplied should really be applied,
however, to save others from having this problem.
msg106298 - (view) Author: Georg Brandl (georg.brandl) * (Python committer) Date: 2010-05-22 11:33
Thanks for the patch!  Applied in r81465 f.  Merged to 2.x in r81467, will merge to 3k later.
Date User Action Args
2022-04-11 14:56:39adminsetgithub: 48174
2010-07-12 20:31:34eric.araujolinkissue8975 superseder
2010-05-22 11:33:38georg.brandlsetstatus: open -> closed

nosy: + georg.brandl
messages: + msg106298

resolution: fixed
2009-11-24 18:07:07asuiusetversions: + Python 3.1
2009-04-09 03:12:11andysksetnosy: + andysk
messages: + msg85790
2009-03-02 12:11:39henrikosetnosy: + henriko
messages: + msg83013
2009-02-13 01:31:48ajaksu2setstage: patch review
versions: - Python 2.5
2008-12-10 08:29:43loewissetnosy: + loewis
messages: + msg77493
versions: - Python 2.5.3
2008-10-25 16:58:13jjleesettype: crash -> behavior
messages: + msg75214
components: + Library (Lib), - None
versions: + Python 2.6, Python 3.0, Python 2.7, Python 2.5.3
2008-10-25 16:50:37jjleesetfiles: + issue3924.patch
keywords: + patch
messages: + msg75213
2008-10-15 23:10:11jjleesetnosy: + jjlee
messages: + msg74825
2008-09-21 18:30:24DenNukemcreate